def post(self, filename=None):
"""POST handler."""
if not auth.HasPermission(auth.UPLOAD):
self.error(403)
self.response.out.write('Access Denied for current user')
return
xsrf_token = self.request.get('xsrf_token', None)
report_type = filename and 'package' or 'packages'
if not xsrf.XsrfTokenValidate(xsrf_token, report_type):
self.error(400)
self.Render(
'error.html',
{'message': 'Invalid XSRF token. Please refresh and retry.'})
return
if filename:
filename = urllib.unquote(filename)
# If we're updating from new plist xml, perform the update and return.
if self.request.get('new_pkginfo_plist'):
self.UpdatePackageInfoFromPlist()
return
# All non-plist updates require an existing PackageInfo entity.
p = models.PackageInfo.get_by_key_name(filename)
if not p:
self.error(404)
self.Render(
'error.html', {'message': 'PackageInfo not found: %s' % filename})
return
if self.request.get('delete') == '1':
self._DeletePackage(p, filename)
elif self.request.get('submit', None) == 'save':
self.UpdatePackageInfo(p)
elif self.request.get('unlock') == '1':
self._UnlockPackage(p, filename)
elif self.request.get('approve') == '1':
if p.proposal.proposal_in_flight:
self._ApproveProposal(p, filename)
elif self.request.get('reject') == '1':
if p.proposal.proposal_in_flight:
self._RejectProposal(p, filename)
else:
self.error(400)
self.Render(
'error.html', {'message': 'No action specified or unknown action.'})
elif self.request.get('new_pkginfo_plist'):
# No filename was specified, so we're creating a new PackageInfo.
self.UpdatePackageInfoFromPlist(create_new=True)
else:
self.error(404)
def post(self, filename=None):
"""POST handler."""
if not self.IsAdminUser():
self.error(403)
self.response.out.write('Access Denied for current user')
return
xsrf_token = self.request.get('xsrf_token', None)
report_type = filename and 'package' or 'packages'
if not xsrf.XsrfTokenValidate(xsrf_token, report_type):
self.error(400)
self.response.out.write(
'Invalid XSRF token. Please refresh and retry.')
return
if filename:
filename = urllib.unquote(filename)
# If we're updating from new plist xml, perform the update and return.
if self.request.get('new_pkginfo_plist'):
self.UpdatePackageInfoFromPlist()
return
# All non-plist updates require an existing PackageInfo entity.
p = models.PackageInfo.get_by_key_name(filename)
if not p:
self.error(404)
self.response.out.write('Filename not found: %s' % filename)
return
if self.request.get('delete') == '1':
if settings.EMAIL_ON_EVERY_CHANGE:
self.NotifyAdminsOfPackageDeletion(p)
p.delete()
self.redirect('/admin/packages?msg=%s successfully deleted' %
filename)
return
elif self.request.get('submit', None) == 'save':
self.UpdatePackageInfo(p)
elif self.request.get('unlock') == '1':
if settings.EMAIL_ON_EVERY_CHANGE:
self.NotifyAdminsOfPackageUnlock(p)
p.MakeSafeToModify()
self.redirect('/admin/package/%s?msg=%s is safe to modify' %
(filename, filename))
else:
self.error(400)
self.response.out.write(
'No action specified or unknown action.')
elif self.request.get('new_pkginfo_plist'):
# No filename was specified, so we're creating a new PackageInfo.
self.UpdatePackageInfoFromPlist(create_new=True)
else:
self.error(404)
def WrappedFunction(self, *args, **kwargs):
"""Invoke original function if valid token presented."""
xsrf_token = self.request.get('xsrf_token')
if not xsrf.XsrfTokenValidate(xsrf_token, action):
self.error(httplib.BAD_REQUEST)
self.Render('error.html', {
'message':
'Invalid XSRF token. Please refresh and retry.'
})
return
return original_function(self, *args, **kwargs)
def post(self):
"""POST handler."""
if not self.IsAdminUser():
self.error(403)
return
xsrf_token = self.request.get('xsrf_token', None)
if not xsrf.XsrfTokenValidate(xsrf_token, 'config'):
self.error(400)
self.response.out.write(json.dumps(
{'error': 'Invalid XSRF token. Refresh page and try again.'}))
return
if self.request.get('action', None) == 'pem_upload':
self._PemUpload()
else:
self._UpdateSettingValue()